we having same problem but in our case, client can change password 24h after admin set password for that account (and didnt check "user need to change password), even if password policy is set to 0 as minimum days for password.